if you're not using Twitter this month...try some different nostr clients. Just remember to keep your nsec (secret key) safe, by using a browser extention (nostore testflight on safari, nos2x or alby on Chrome) or a native app you trust.
Discussion
π«‘
Do you have a recommended favorite client at this point outside of Damus?
+1 for GetAlby.com
What about flamingo extension for chrome? Safe?!?
Shame. Shame to everywhere you go and I see you there will be shame!
Why cant verification be done within nostr?
nostr is a protocol, a set of rules, not a functioning piece of software.
Please zap me whilst you still have that sats hoard!
I've found nos2x to not work on Firefox. I have to use a Chrome based browser for web #Nostr. Anyone have any luck on Firefox?
Yes, working for me
Yes, with more and more clients, many unfamiliar apps will paste your data by default, and I wonder if it's a good idea to offer users a two-factor authentication option, like Google CaptCha.
Using Damos on iOS so far. Do you have suggestions for a good desktop client?
Thanks #[1]β !
This is the way.
To use other clients you have to enter your nsec to post notes, so the recommendation is to use a browser extension to authenticate your nsec with the new clients? I'm assuming the browser extension takes your nsec from an initial client (i.e.-snort) and authenticates the new client. Am I seeing this correctly?π§π§π§
Iβm wondering about this too. I got my original key pair from Damus bit Iβm leery of entering the private key into other clients just in case they are malicious.
jack hustling for that nostr support rep of the month again
Every bitcoiner on the planet is going nostr crazy atm π
Is it safe to copy and paste your nsec into a local app on my phone? Obviously not on browser on phone.
Depends on the app of course... Damus on iOS, or Amethyst/Nostros/Plebstr on Android, these are probably safe.
Just mainly test flight apps for nostr. Like current and iris.
βProbablyβ ?
It's open source so we can assume that other people are looking at it and it's not too bad
But it would be nice if there was a better solution
unfortunately that solution is a systemic problem affecting the entire planet not just nostr
You're just trusting them to custody your private key correctly
most of this apps are not even storing it in the keychain
they can't because the hardware doesn't support the curve that we use and the operations needed
so even if they do stuff it in there they're going to stuff it in there as a wrapped encrypted object that they're going to unwrap and use as a raw key
ultimately, it's not safe to put your private key anywhere. it should live on a yubikey or something and never leave unless explicitly exported to another public key (using a cert that verifies the hardware). but browsers and smartphones simply have shitty support for talking to device keychains and hardware devices. and a lot of this failure is caused by the cryptography community with increasingly opaque and bad standards (won't let me do a dh operation, because i might do it wrong)
so we all just paste private keys.
the entire cryptography community got something very basic wrong when X.509 came out
it's the same thing they get wrong when it comes to password security
every time you try to prevent users from using the gun you made to shoot themselves in the foot, you inevitable create a new class of users that just makes their own gun from scratch. which is arguably much more dangerous.
good example: frequent password changes lead to people making easy to remember passwords with minor differences on the end. or writing them down. or sticking them all on a notepad doc on their machine
better solution: require very long passphrases with no special characters. long == hard to break.
Thank you, that was good info. I have no idea how to put it on a ubikey, but maybe I should spend time working on that part of my security setup instead of mobile authenticators. They scare me anyway if I happened to lose my phone.
I relay on Damus. What about you Jack?
Have you tried flamingo?
I'm using Alby with Kiwi Browser, works well for me.
I avoid using Chrome
Me kiwi with nos2x π€.
This all feels so exciting again
Used chrome + flamingo signed
no one trusts chrome. it tracks you and sells your data. most people switched to brave or opera or others years ago
Already tried Nostr for a month now, greatly appreciated, but today I saw that blue sky was partially opened, hoped to try it this month ! (Still waiting for the invite though)
Or write it down in a journal like I did :)
I keep it in a contact info on my android phone. I change just one character and remember only that character.
What's a good way to secure your nsec over an android phone?
I am wondering the same thing. Especially when using a web client.
It should be safe to copy your private key in any client right?
Whereβs the people who write down their passwords and nsec in a little password journal. #[0]
I actually do this for a lot of my passwords lol. Itβs a lil black book.
You get it!! I always feel more secure having it written down then somewhere online
Nobody can hack into my lil journal :,)
I don't know... It can get burned, be lost, be stolen, get wet... No matter what: π© happens!
A loose piece of paper or sticky note somewhere in my desk haha.
My cold storage keys is much more guarded, much more secure, much more secret π€« π€
Keep it secret. Keep it safe
Nostros has seed phrases. I haven't used it because I don't want to burn this account yet, but if my key is stolen, I'll finally make that switch lol
I would love to see more attempts at a clean cli client π«‘ I've tried 2 I think. I like nostr-commander, but more cli clients with different features would be interesting, imo.
#[0]
π€
iris. to is a nice browser client
Thanks for the knowledge
Yes, it would be cool to move all contacts from twitter to #nostr :)
Diooooo ya esta pasando π΅ bye #twitter come on #nostr
#[0]
?w=640What do you guys do to get more zaps? #replyzap
Until many of the topic spaces make it to nostr, going to be on Twitter for a good bit longer.
But the encouragement to try other clients isnβt missed. Need to setup my SailfishOS devices. There likely wonβt be more than browser-based clients thereβ¦ shame. Platform had promise
#[2] is making an IRC client on Nostr!
I think that's pretty cool!
Hi Jack, what do you think about MPC wallet with 3FA recovery system ?
what are your thoughts on the security of Damus?
Afaik you canβt use the same secret key on 2 different Nostr apps. I think it is not supported on SSB protocol which Nostr takes inspiration from.
Is it No-Twitter March?
I'm using Amethyst on my phone, Damus on my iPad, and Iris on the browser. Iris seems to be inconsistent with my other two clients (missing likes). Otherwise it seems to be working.
Any update on Bluesky? Will it be similar to NOSTR?
Each client asks for my private key to post, but nostr guide says not to enter private keys into clients. I got my private key from Damus but I hesitate to enter it into others like snort.social. What to do?
Maybe someone can develop a hardware device to store your nsec on? Or maybe implement using a physical security key with Nostr? Not to sign each post, but just for loading your Nostr profile into a web client or app?
The who literally invented twitter is telling you to use a protocol rather than a centralized social network.
Are you paying attention yet?
#[0]
Let's not forget the censorship of 2016 and political manipulation
Letβs never forget that and always bring it up
Donβt worry itβll be brought up every time you post!
So do you think Joe actually won the election? We need voting backed by bitcoin! Fake votes & fake money all rely on worthless paper!
Joe def did not win the 2016 election
π€£π€£π€£ sure!
I would still be using Twitter if your faggot ass hadn't banned me for calling a prostitute "Whore."
cry harder?
LOL π
Imagine waking up every day with the desire to troll and insult people. There was a dog for that. Did it way better too.
Nothing I said was trolling. You live in a bubble.
the cry is free π₯²
Eat shit hypocrite.
Lolwut
I love how easily his feelings are hurt as he continually slings insults that only a βοΈ π loser would need to say.
A different approach would be nice!
And @kollider also for chrome.
Its tough, I think at this nascent stage, I'd prefer to just put my nsec into another website, fully expecting my current nostr profile to get compromised.
Alby getting permission to read all of my webpages isn't much of a better tradeoff than losing my nostr identity in the event of a hack.
My twitter is still banned for a post about firewood. One of my greatest accomplishments. I wear that ban as a badge of honor today. I tell everyone about it. If your twitter is NOT banned you should be ashamed of yourself.
The native app u trust maybe the hardest. When I first used the snort.social and I need to use the privacy key to login. It terrify me. Although I still did. At that time, I thought that will be a problem.
Whatβs zappening?
so strange. my Damus does not sync with Coracle.
I mean it does not sync "number of followers".
So far I am loving #nostr
Jack, I have been on the waiting list for bluesky for quite some time now, I think since you posted it. Can you please grant me an invite code. Thanks in advance.
But on iOS I have to use my private keys right? Or is there any way to avoid them?
In b4 NIP thet will allow us to obsolete old key and point to new one.
In the meantime we need to get NIP26 rolling: https://github.com/nostr-protocol/nips/blob/master/26.md
anyone working on the idea let people change the private key?
will bluesky integrate with nostr ? π€